Monthly Archives: September 2009

Sun conducted a survey of small and medium-sized businesses (up to 500 employees) to discover their usage and intentions towards open source software and MySQL in particular. I was interested to see the report, particularly after attending an open source round table last week about open source software in government.

The researchers interviewed around 100 people in each of 7 European countries, targetting the “CIO or IT-Manager”. The results were surprising to me. Only 34% of UK (or England; the report uses both terms and does not seem to understand the difference) businesses claim to use open source software, versus 72% in France and 69% in Germany. The only country with lower usage is Sweden on 33%.

I’m sceptical. It seems to me that you have to make some effort to use no open source software anywhere in your business. A web site with PHP and MySQL. Someone editing audio with Audacity, or using Firefox to browse the web, or Filezilla to upload files. Still, let’s take the report at face value for the moment.

Another question is more interesting, asking what percentage of a business’s IT infrastructure is open source.

Even in Germany, the biggest user, only 2% claimed to be completely open source. 72% were less than half open source, and 31% did not use it at all.

In the UK, none were completely open source, 84% less than half, and 66% have no perceived usage.

Here’s a good result though: among UK companies that do use open source, 65% use it for critical projects. This figure is actually above the European average.

Another striking figure: the biggest driver for open source adoption is to save money (61% in the UK, 66% in Germany). Next comes freedom from lock-in (34% in the UK, 53% in Germany), and after that flexibility (20% in the UK, 34% in Germany). Multi-selection must have been possible as figures add to more than 100%.

This last one gives me pause for thought. Most IT companies claim to save you money; it’s part of the standard sales pitch. Open source software generally does though, partly because the whole concept is a form of commoditization, or pooling of resources for mutual benefit. Is it inevitable that if if open source continues to increase its usage share (as most indicators suggest), that overall revenue in the IT industry will diminish?

You can pose the same question substituting “cloud computing” for “open source”; both together could have a substantial impact.

Here’s a case in point. I use Outlook/Exchange rules to sort email into subfolders. I set up a new rule, and was annoyed to find that while messages were correctly being moved into the selected folder, they were not being deleted from the source folder. In other words, I’d asked for move but I was getting copy.

Bug in Outlook/Exchange rules? I don’t entirely trust them; but on this occasion it was my fault. The problem: these messages also matched another rule, which moved them to a different subfolder – the one, in fact, that I was treating as the “source folder”. When confronted with two rules that both move a message, Exchange makes a copy. Whether that is the right behaviour is arguable, but it is not a bug.

Here’s the solution. In the Actions for the rule, also check the option to “Stop processing more rules”.

One of the things that the Flash world really lacks is a strong commercial component marketplace. We have a thriving OSS culture, which is awesome, but while it is very prolific it rarely creates highly reliable, documented, and well-supported libraries. It’s a weakness of the platform, especially when you look at the hundreds or thousands of enterprise class commercial components available for languages like Java or C#.

It is an interesting point. I have always found it intriguing that the commercial component market is so much dominated by Microsoft, thanks perhaps to its early success with VBX and then ActiveX controls for Visual Basic. Despite the maturity of Flash and its popularity among developers, I can more easily name companies with commercial Silverlight components than Flash equivalents – companies like Devexpress, Infragistics, ComponentOne, and Telerik.

Skinner is therefore upset that Adobe has picked a spell checker for its free offering:

When Adobe spends a large amount of resources building a spelling component that directly competes with one of the few successful commercial components in the Flash world, it frustrates me.

though I imagine the impact on his sales is a large factor in his reaction.

The truth is that component vendors always have to play this game of trying to stay ahead of what developers can get for free, either from open source or from what is bundled into the core SDK.

Note that Intel’s just-announced AppDeveloper program for Atom netbooks includes a component marketplace for AIR. I am not sure how significant it will be, but it is another outlet for Flash component vendors.

Microsoft has released its free Security Essentials software, antivirus and antispyware protection aimed at home users. It runs on XP 32-bit, or Vista or Windows 7 32-bit or 64-bit, the only technical restriction being that Windows must validate as “genuine”. Businesses are meant to use Forefront Client Security, though “home-based small businesses” are specifically permitted in the license agreement. I installed it on my Windows 7 64-bit desktop PC.

Installation was smooth, guided by a simple wizard with a castle logo:

The trickiest moment comes when the installer recommends that you “remove other antivirus and antispyware programs”:

I am glad that Microsoft is confronting this issue, since running multiple antivirus applications is terrible for performance. It does make the point that this free software will not be good for competitors at this end of the market. The other issue is that removing other security software will probably mean a reboot as well as passing one or more dialogs pleading with you to reconsider. Do this before running the installer.

Once done, Security Essentials – a terrible, unmemorable, tongue-twisting name – announces that your computer is at risk while it goes off and downloads updates:

When the update completes, it does a quick scan, which took around 30 minutes on my machine. I let this complete – nothing was found – and then had a poke around the tabs and settings.

The user interface is nicely designed and there isn’t much to see. Be default Security Essentials will scan your PC once a week on Sunday night. You can specify quick or full scans. The software also monitors all file activity looking for malware. I get the impression that Microsoft has tried to make Security Essentials as unobtrusive as possible, which is most welcome.

One thing that did annoy me is the settings for recommended actions:

In patronising style, Microsoft offers “Recommended action” as the default when malware is detected, but does not tell you what that action is. It is explained here – for severe or high alerts, it attempts to remove the malware, while for medium or low alerts it quarantines it. However, it does seem to ask first, which is important in the case of false positives.

I couldn’t find any way of setting the frequency of updates, which surprised me.

I gave Security Essentials an easy test by downloading eicar, a harmless file which for testing antivirus software. Security Essentials sprang into life:

I clicked Show details and got another red dialog offering to perform the recommended action, which was Remove. Another click, and it claimed to have done it, with the dialog turning a reassuring shade of green.

Is it any good? That’s a tough one. I don’t have high expectations of any security software based on scanning for known malware. Such software tends to fail when new viruses appear, as they do constantly. Another problem is that the bad guys can run the same security software as you, and design their malware to avoid its effects. In general, it is obvious that antivirus software has failed to prevent the spread of malware. I rate other things as more important, such as keeping systems up-to-date with patches and observing best practice concerning what you allow to execute. Unfortunately clever social engineering can often defeat good intentions.

Still, if you consider antivirus software a necessary evil, this one impresses by being nicely designed and mostly staying out of the way. If you are looking for the highest detection rates, you will have to wait for statistical analyses to be done. I am sure the commercial security companies will be quick to report on failures.

Personally I’m delighted that users can now get the Windows security center (Action Center in Windows 7) to stop bugging them without installing third-party software. Another advantage is that the software won’t stop updating when the user fails to subscribe or renew. Microsoft has plenty of incentive to get this one right, and to deliver something at least as good as the competition without slugging performance or annoying the user with advertisements and/or constant exhortations to upgrade. I think it is worth a try.

Google Chrome Frame is an interesting twist in the browser wars. Web developers can now add a tag to a page that forces Internet Explorer to render it using an embedded version of Chrome:

<meta http-equiv="X-UA-Compatible" content="chrome=1">

The concept is not so different from Mozilla’s Screaming Monkey, which replaces the IE JavaScript engine with its own, except that Chrome Frame has its own HTML renderer as well. The idea is that web developers need no longer be constrained to HTML features which IE supports. IE users do not need to change their browser; just install the plug-in.

The question though: why bother? Why not just ask users to install Chrome itself and use it to browse your site? Chrome on Windows is a great piece of work, and I use it regularly, whereas there’s something odd about using one browser embedded within another.

I suppose there is some small subset of users who have to use IE at work for compatibility with some application, but are allowed to install plug-ins; or others who are brave enough to install an add-in, but feel somehow more comfortable sticking with the default and official Windows web browser.

Still, I’m not sure that there are many users in that category. It also turns out that the Chrome Frame concept has some problems, as I discovered when I tried it out. Note that this is an “early-stage release”, so some things can be expected not to work. Even so, some of the issues cast doubt on whether this a sensible approach. The problem area is integration. For example, when Chrome Frame is active, should the browser announce itself as IE, or as Chrome? When you click a link, should it open in Chrome Frame, or in native IE? When you have a plug-in installed in IE, would you expect it to work in Chrome Frame as well?

The answers currently are that the browser still announces itself as IE, though chromeframe is added to the User-Agent header. Links open by default in IE even if Chrome Frame is active, and plug-ins like Adobe Flash do not work in Chrome Frame even if they are installed in IE. Overall, if you want a page to run well in Chrome Frame, you really need to code for it specifically. In other words, IE+Chrome Frame is yet another browser variation to worry about.

Fortunately, Chrome Frame only kicks in when activated by the tag above, or forced by prefixing the URL with cf; and if users do the latter, they should expect trouble. When I tried it, I had a disappointing experience visiting Adobe.com in Chrome Frame, even though Flash was installed and up-to-date. I’ve included the right-click menu to show that this is Chrome Frame:

Gmail also has problems, probably because it is delivering markup designed for IE:

Of course Chrome Frame is not intended to be used like this; but it does demonstrate the challenges that exist if you decide to target Chrome Frame. In compensation, you get the HTML 5 goodness and fast JavaScript that Google has in its browser.

This feels like a last resort. I doubt network admins will welcome Chrome Frame, since it does undermine one of the reasons for using IE: that the system browser is kept up-to-date by Microsoft with security patches using Windows update or Windows Server Update Services. I’m not tempted to keep it installed myself.

The opposite approach strikes me as better, where other browsers emulate IE by embedding it, as in IE Tab for Firefox.

Still, while I’m sceptical of the technical merits of Chrome Frame, it is a great PR move. It puts pressure on Microsoft to implement more HTML 5 features and speed up its Javascript engine, or risk the embarrassment of sites which require IE users either to switch browsers, or to suffer this add-in.

Update: see also Browser Soup and Chrome Frame by Mozilla’s Mitchell Baker, who does a good job of explaining why this is a bad idea – though bear in mind that she works for a competitor.

I was surprised by the announcement that Silverlight is being ported to Intel’s Moblin Linux, which I’ve already reported both here and on The Register. It feels like a u-turn from Microsoft, which had previously stated that while it would build Silverlight for both Windows and Mac, Linux support was to be done by Novell. This is from the 2007 press release:

Microsoft will work with Novell Inc. to deliver Silverlight support for Linux, called Moonlight, and based on the project started on mono-project.com … Microsoft is committed to ensuring that organizations have the best tools and resources to begin building Silverlight-based solutions with the broadest possible reach. The decision to work with Novell to offer Silverlight support for the Linux platform is in direct response to customer feedback, and both companies are optimistic about the impact this extended partnership will have in the industry.

Now, given that Microsoft has long expressed an intention to bring Silverlight to mobile devices, and that many mobile devices run some variety of Linux, you can argue that the Moblin announcement is merely in line with that strategy. This is what Brian Goldfarb told me – that the Intel deal is in the “mobile device” category, and therefore distinct from the work with Mono.

That said, if you look at the specs for something like Dell’s Mini 10v with Moblin – 1.6Ghz Atom CPU, 160GB hard drive, 1GB RAM, 10.1" 1024×600 display – it really has more in common with a traditional laptop than with, say, a mobile phone. Further, I’m getting the impression that this will be a full Silverlight 3.0 implementation, not a cut-down version like Flash Lite, complete with the Silverlight version of the .NET Framework.

If Microsoft had announced this kind of deal in the early days of Silverlight, it would have have been encouraging for open source advocates. Even though this Silverlight for Moblin is not an open source project, it extends support for a key Microsoft technology to Linux users. Silverlight developers may well prefer that the same code will be running on Moblin as on Windows or Mac, subject to whatever has to be done to make the port work.

Unfortunately at this point the announcement is having an opposite effect, casting doubt on Microsoft’s ability to work with open source partners. The impression is that Mono was a useful means of ticking the Linux box for Silverlight’s launch – though the version which includes .NET is still not complete – but that when it really wants to support a Linux OS, Microsoft is quick to find another route.

It is stating the obvious to say that the open source community is wary of Microsoft. Everything the company does is eyed with suspicion. Microsoft’s official support for Moonlight, along with great work from people like John Lam who works on IronRuby, was beginning to soften some of that hostility. Miguel de Icaza, leader of the Mono project, has been a great bridgebuilder between Microsoft and the open source community – so much so, that Richard Stallman recently called him “basically a traitor to the free software community”. Stallman has done his cause no credit with this remark. “I think we officially hit a new low here”, says OS news.

A terrible moment then for Microsoft to snub Moonlight by doing its own thing with Intel for Silverlight on Linux. What was even more striking is that the company seemingly had no idea of the impact of its announcement, and that it might be a sensitive matter, and apparently did nothing to prepare the Mono team in advance for the obvious questions that would be asked.

What is more important – that Silverlight works smoothly on Moblin, or Microsoft’s relationship with the open source community?

Yesterday I speculated about what was meant by the inclusion of Silverlight among supported runtimes for Intel’s Moblin Linux, which is being used on netbooks using the Atom processor. I had assumed it was some new development of Moonlight, Mono’s Silverlight implementation, but apparently this is not the case. Here’s what Microsoft’s Brian Goldfarb, director of the Developer Platform Group at Microsoft, said:

Microsoft and Intel announced today that the two companies have agreed to work together to bring support for Silverlight 3 to Intel’s Atom-based Mobile Internet Devices (MID). These Atom-based devices run on Windows and Moblin, an open source, Linux-based operating system targeted at Atom-based devices. In order to help bring Silverlight content to these devices, Microsoft has provided Intel with Silverlight source code and test suites, and Intel will provide Microsoft with an optimized version of Silverlight for Moblin devices that Microsoft can then redistribute to OEMs.

There are a couple of curious aspects to this. One is why Microsoft would not simply feed optimisations into the Moonlight project, which would benefit Silverlight/Moonlight on all Linux systems. Goldfarb did add:

The Silverlight for Moblin announcement is independent from Microsoft’s work with Novell on Moonlight. The Intel/Moblin effort is specifically about building great out-of-box experiences for consumers on Atom-based devices. Microsoft’s efforts with Novell remain critical as they build an open-source, compatible, and broadly available Silverlight solution for Linux.

Another is whether Intel/Microsoft are devising some way for Silverlight to run as a desktop application, rather than just as a browser plug-in. I’m hopping to clarify these points soon.

Adobe’s Mike Chambers has revealed a new feature in AIR 2.0, the desktop runtime based on Flash.

At the Flash on the Beach conference in Brighton, he showed the NativeProcess API. You can “call and communicate” with external applications.

There are several restrictions, for security reasons. The application must be distributed as a native installer, not as an AIR download, and it cannot execute applications within its own directory.

Another new feature is that you can also open the default application for a specified file. For example, you could have your application generate a spreadsheet and open it in Excel on Windows or Mac (if Excel is the default handler for a spreadsheet). This feature works in any AIR application, though again the file cannot be within the application directory. There is also a blacklist of disallowed file types.

I am sure there will be debate about the security implications; it will be interesting to examine the new capabilities in more detail.

This strikes me as a useful new feature, significantly extending the capabilities of an AIR application.

Intel has announced its Atom Developer Program including a new app store. The idea is to encourage a flow of applications that are well suited to netbooks, rather than general desktop applications that tend to get pressed into service because they are there, but may not be well suited to the smaller screen and more limited resources typical of netbooks versus full laptops. No doubt Intel has its eye on Apple’s successful iPhone App Store, which enhances sales of the hardware as well as providing a ready-made sales channel for independent software vendors, and wants to do the same for netbooks.

In order to participate as a developer, you have to sign up for the program, which will cost $99 annually though currently it is free. An interesting twist is that the developer program is a component market as well as an application market. Write a cool component, and you can get paid whenever any application that uses your component is sold. Intel handles all the business details, for a cut of course.

Intel is supporting two operating systems, Windows and Moblin, Intel’s Linux distribution. Your applications must be one of the following:

Native Windows (I am not sure whether .NET is allowed)

Native Moblin

Java

Adobe AIR

A puzzle is that Intel’s press release makes several references to Silverlight as a cross-platform runtime; yet although there is a Linux version of Silverlight, called Moonlight, there isn’t any exact equivalent to AIR for desktop Silverlight and I am not clear how Silverlight fits in any of the categories above. I may be reading too much into this; but perhaps all will be explained when Silverlight 4 is unveiled at PDC in November? Here’s what the press release says:

“Using Silverlight’s cross-device, cross-browser, cross-platform technology, developers will be able to write applications once and have them run on Windows and Moblin devices – expanding the reach of Silverlight applications to more consumers, regardless of whether the device they’re using is a PC, TV or phone,” said Ian Ellison Taylor, general manager, Microsoft Client Platforms and Tools.

Note that despite the above quote, Moonlight 2.0 is still in beta, and no current phones include the Silverlight runtime.

Apps must be delivered in one of the following forms:

.msi (for Windows*)

.jar (for Java*)

.air (for Adobe® AIR*)

.deb (for Debian Mobilin/Linux)

.rpm (for RedHat* Linux)

All applications in the store are subject to Intel’s approval (called validation):

The validation process checks your code for suitability for the Developer Program, licensing and legal issues, and some basic functionality.

Runtimes and technologies the application can support can only be any of the following: Moblin* Native, Windows* Native, Adobe AIR*, Java FX *, and Microsoft* Silverlight*.

Hmm, Silverlight again.

Intel gets 30% of your revenue. You can also market components and if your application uses a paid-for component a share of the revenue will be paid to the component vendor. Free applications and components are also permitted.

I really like the checklist – I wish all desktop applications conformed to some of the requirements. Like this one:

The application will completely uninstall when desired, and leave no garbage files behind.

One curious facet of the program is that although it is specifically for the Atom, in most cases your application will likely run fine on other processors. I am not sure if Intel will do anything to ensure that only Atom-powered computers use the store.

Adobe has announced the distribution side of its Flash Platform Services. The press release heading is quite a mouthful:

New Distribution Service Provides Web Application Sharing, Promotion, Measuring and Monetization across Desktops and Mobile Platforms

and it is hard to take in at a glance exactly what the services are offering. Here’s my quick take.

A good place to start is with this article on Gigya’s site, Gigya being Adobe’s partner for this. Here you will see Gigya’s Wildfire Flash widget; it’s a working example so you can try it out on the site – the illustration below is only a bitmap though.

This widget is what Adobe calls a Share Menu in its Distribution service overview. The idea is that you as the publisher display a widget like this alongside or within your new or existing Flash applications – perhaps customized to hide the ugly embed code. Your user comes along, sees the cool application, and wants to embed the application on their own blog, Facebook page, or even on the desktop. They click one of the buttons and the widget automates as far as possible the creation of a new post on the selected service which includes the embed code for your widget or application.

Along with services like Facebook, MySpace and WordPress listed above, Wildfire supports desktop widgets such as the Vista sidebar and bookmarks on services such as FriendFeed, Digg and Twitter. In the case of a mobile app, the button would generate an SMS message that would link to the application install.

I’m not a good candidate for this kind of widget as I try to keep logged out of social services. As an experiment though, I logged into Live Spaces. I clicked the Live Spaces button which prompted me for a post title. Clicking OK then pre-populated a new post to my Spaces blog; one further click would have confirmed the post.

Creating a Share Menu

The piece that confused me at first is that the Share Menu can be either external to the application you are distributing or embedded within it. Embedding it within the app is the most powerful option, since the application can then have a “get this app” button. This allows other users to display the Share Menu and install the app for themselves. The goal, of course, is viral distribution, where apps can become popular quickly via social networks, as happened to great effect in the early days of Facebook.

You can add a share menu to your application in Flash. I installed Adobe’s extension and found a new Share Menu component in Flash CS4.

However you choose to implement it, the Share Menu always includes a partner ID which identifies the application publisher and a Code ID which identifies the application. To get these you have to sign up for Adobe’s Distribution service.

You can also add an external Share Menu using a web page editor such as Dreamweaver. This creates a generic widget customised through script arguments.

Adobe’s advertising network

So far so good, but how do you kick-start the viral distribution of your app? This is where Adobe’s ad network comes in. There are several aspects to this:

– You can pay to have your application promoted through Adobe’s network. One mechanism for this is that when a user installs some other shared application, they are prompted to install yours as well.

– You can monetize your applications by hosting a shared install, the other side of the above.

– You can embed other advertising within your application and get paid for it

These processes are managed using Distribution Manager, an AIR application. You can use this both as an advertiser or as a publisher; indeed, you may well have both roles.

Making an application shareable is free, but if you want to promote it the cost is from $1 per install; if you host ads you can expect around $5.00 per thousand views (CPM).

The Distribution Manager also lets you track application install and usage.

More Flash Platform Services

There’s more to come; as Ryan Stewart explains. The Flash Collaboration Service is already in beta, and provides everything for sharing and communication including voice over IP, webcam, file sharing, chat, data exchange and more. There’s also a social piece which will integrate with social networks like Facebook and MySpace – given the link with Gigya, maybe a variant of the Gigya Socialize API, which “aggregates authentication and social APIs from Facebook Connect, MySpace ID, Twitter, Google, Yahoo, and AOL”?

Finally, a brief comment. I think Adobe is serious about this as one way of expanding its business model beyond tools, which I believe it has to do. It strikes me as an interesting platform, even though personally I am averse to widget proliferation and wary of the privacy implications of highly tracked applications. Serge Jespers remarks about his MAX widget:

The service also allows you to monetize your application and also track just about everything a user does with the app

perhaps not realising what a red light that is to some of us. Note however that all apps in Adobe’s distribution service are subject to approval.

Overall it’s an interesting platform to watch. In a nutshell: applications that install themselves (almost) and with built-in cross-promotion – but not quite (we hope) actual viruses.